Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/BZYZvtzESlKQ_cqPex9ijX2ncec.roa
File: BZYZvtzESlKQ_cqPex9ijX2ncec.roa (raw, json)
Hash identifier: p38cnWJAMpz8+UGhclmTL5HtIgUVPLyz+iZUcxfMdC0=
Subject key identifier: 05:96:19:BE:DC:C4:4A:52:90:FD:CA:8F:7B:1F:62:8D:7D:A7:71:E7
Certificate issuer: /CN=3e24c7ecfa37d2487152fb9bbbab50be79de2619
Certificate serial: 01856EB9131907F79089A665B6F57ECD181B
Authority key identifier: 3E:24:C7:EC:FA:37:D2:48:71:52:FB:9B:BB:AB:50:BE:79:DE:26:19
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/BZYZvtzESlKQ_cqPex9ijX2ncec.roa
Signing time: Sun 01 Jan 2023 19:05:00 +0000
ROA not before: Sun 01 Jan 2023 19:05:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 36351
IP address blocks: 185.125.85.0/24 maxlen: 24
185.125.84.0/24 maxlen: 24
193.0.180.0/24 maxlen: 24
185.125.87.0/24 maxlen: 24
193.0.181.0/24 maxlen: 24
185.71.228.0/24 maxlen: 24
185.71.231.0/24 maxlen: 24
185.71.229.0/24 maxlen: 24
2a05:3343::/42 maxlen: 42
Validation: Failed, certificate revoked on Mon 01 Jan 2024 04:30:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:b9:13:19:07:f7:90:89:a6:65:b6:f5:7e:cd:18:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e24c7ecfa37d2487152fb9bbbab50be79de2619
Validity
Not Before: Jan 1 19:05:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=059619bedcc44a5290fdca8f7b1f628d7da771e7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:97:cb:94:07:bc:0b:20:93:98:2f:f7:76:6c:
e7:4c:b7:6a:f3:6a:80:e6:5b:1f:4e:05:22:64:a9:
f8:31:96:59:c7:e1:da:71:bf:bf:a5:d5:cf:c3:72:
6c:d9:2c:c1:69:b0:79:2b:65:6b:7b:b4:1a:d2:cc:
7c:93:57:8e:ae:eb:ae:f8:dc:b3:1a:2c:63:9a:d4:
9f:82:e7:ca:4c:d3:0b:6a:44:bf:26:27:45:fc:f5:
10:e5:2a:85:d5:43:f7:b2:17:3b:7b:9e:3a:2f:18:
20:d0:46:cb:df:a8:e6:dc:05:65:11:a3:c5:c4:be:
38:89:e2:b1:d1:6f:71:0d:51:ff:60:de:60:ae:5f:
f8:e9:c9:11:fa:2a:e0:a2:bf:45:a8:e0:bc:37:23:
f0:4a:24:d7:e8:45:76:27:71:b0:dc:c8:4c:ed:2a:
75:55:95:1e:38:60:a1:fe:99:c1:0c:1c:ed:14:8c:
fd:6c:b4:2b:97:e0:6e:c3:fd:76:01:a6:5b:4f:ff:
91:01:4f:b9:f9:aa:94:23:f8:6e:a4:33:d3:fb:3e:
9f:54:cf:af:f0:cd:ec:56:89:e0:0b:a6:4e:28:e5:
e3:57:45:e2:b3:42:37:61:27:85:5c:ee:bc:e6:1c:
12:61:cf:db:b6:7a:f1:f9:70:f0:08:68:e0:34:d0:
0d:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:96:19:BE:DC:C4:4A:52:90:FD:CA:8F:7B:1F:62:8D:7D:A7:71:E7
X509v3 Authority Key Identifier:
keyid:3E:24:C7:EC:FA:37:D2:48:71:52:FB:9B:BB:AB:50:BE:79:DE:26:19
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/BZYZvtzESlKQ_cqPex9ijX2ncec.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/PiTH7Po30khxUvubu6tQvnneJhk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.71.228.0/23
185.71.231.0/24
185.125.84.0/23
185.125.87.0/24
193.0.180.0/23
IPv6:
2a05:3343::/42
Signature Algorithm: sha256WithRSAEncryption
4a:d9:6e:78:c1:50:62:41:a0:84:cf:ab:95:41:a5:6b:56:15:
b1:16:e9:95:40:df:d4:8b:8c:94:6c:4d:16:af:e1:46:0a:8b:
e3:93:9a:68:d0:a8:43:d1:e3:ea:17:24:6d:ab:60:bd:ac:6b:
d4:74:5c:e7:90:30:ef:68:82:21:a5:0b:5b:1d:1d:97:2f:ff:
11:1f:e3:ec:0e:03:8d:d1:3f:50:9d:95:0f:86:2a:2c:4b:e5:
53:a4:f9:cf:b5:b2:66:46:79:cc:20:55:84:51:3d:0e:8f:6f:
2c:85:a5:5a:69:50:f6:b3:5b:d3:bf:8e:b6:5a:48:29:9d:c9:
56:a7:cf:6e:96:4b:83:27:a7:b8:06:df:c5:62:fa:c0:3f:14:
79:5e:06:be:a4:c0:e1:eb:fa:3a:14:d1:0c:fe:33:6f:85:c6:
38:2d:5c:8f:41:43:5a:60:11:e9:85:05:8f:73:63:3b:95:0d:
8c:37:d0:45:3e:18:0e:e2:50:99:d8:e8:67:56:a0:1b:fc:71:
4a:7a:71:28:dc:d8:8f:31:b1:b4:fc:a9:00:86:0f:1d:c5:eb:
6e:3b:7a:ad:fc:9e:59:0e:0d:d8:ea:cd:a1:0c:73:b3:6e:70:
cb:71:64:8c:fb:ff:c8:b5:e0:ca:ae:f2:e7:dc:a8:eb:31:a0:
55:e1:73:c7
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYVuuRMZB/eQiaZltvV+zRgbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMjRjN2VjZmEzN2QyNDg3MTUyZmI5YmJiYWI1MGJlNzlk
ZTI2MTkwHhcNMjMwMTAxMTkwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTk2MTliZWRjYzQ0YTUyOTBmZGNhOGY3YjFmNjI4ZDdkYTc3MWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5fLlAe8CyCTmC/3dmznTLdq82qA
5lsfTgUiZKn4MZZZx+Hacb+/pdXPw3Js2SzBabB5K2Vre7Qa0sx8k1eOruuu+Nyz
GixjmtSfgufKTNMLakS/JidF/PUQ5SqF1UP3shc7e546Lxgg0EbL36jm3AVlEaPF
xL44ieKx0W9xDVH/YN5grl/46ckR+irgor9FqOC8NyPwSiTX6EV2J3Gw3MhM7Sp1
VZUeOGCh/pnBDBztFIz9bLQrl+Buw/12AaZbT/+RAU+5+aqUI/hupDPT+z6fVM+v
8M3sVongC6ZOKOXjV0Xis0I3YSeFXO685hwSYc/btnrx+XDwCGjgNNANUQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFAWWGb7cxEpSkP3Kj3sfYo19p3HnMB8GA1UdIwQY
MBaAFD4kx+z6N9JIcVL7m7urUL553iYZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGlUSDdQbzMwa2h4VXZ1YnU2dFF2bm5lSmhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8zOWE1ZmMtZDI2ZS00ZDUzLTkxZTMt
NDkzZDc3NGFhMWZmLzEvQlpZWnZ0ekVTbEtRX2NxUGV4OWlqWDJuY2VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8zOWE1ZmMtZDI2ZS00ZDUzLTkxZTMtNDkzZDc3NGFhMWZm
LzEvUGlUSDdQbzMwa2h4VXZ1YnU2dFF2bm5lSmhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAkBAIAATAeAwQBuUfkAwQA
uUfnAwQBuX1UAwQAuX1XAwQBwQC0MA8EAgACMAkDBwYqBTNDAAAwDQYJKoZIhvcN
AQELBQADggEBAErZbnjBUGJBoITPq5VBpWtWFbEW6ZVA39SLjJRsTRav4UYKi+OT
mmjQqEPR4+oXJG2rYL2sa9R0XOeQMO9ogiGlC1sdHZcv/xEf4+wOA43RP1CdlQ+G
KixL5VOk+c+1smZGecwgVYRRPQ6PbyyFpVppUPazW9O/jrZaSCmdyVanz26WS4Mn
p7gG38Vi+sA/FHleBr6kwOHr+joU0Qz+M2+FxjgtXI9BQ1pgEemFBY9zYzuVDYw3
0EU+GA7iUJnY6GdWoBv8cUp6cSjc2I8xsbT8qQCGDx3F6247eq38nlkODdjqzaEM
c7NucMtxZIz7/8i14Mqu8ufcqOsxoFXhc8c=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:58 2024 by rpki-client on console-fra.rpki-client.org